NCSC gives green light to limited technologies from Chinese supplier

The UK’s National Cyber Security Centre (NCSC) has concluded that any security risk involved in using Huawei technology for 5G networks can be managed.

Concerns surrounding Huawei have been present for some years, on the grounds that the company could be pressed into spying for the Chinese government.

Founder Ren Zhengfei was once in the Chinese military, and under Chinese law, all companies are required to ‘support, co-operate with, and collaborate in national intelligence work’.

However, in sharp distinction to the authorities in the US, New Zealand, and Australia, the NCSC is believed to have decided that it can contain any security risk by limiting the amount of Huawei technology used.

5G networks are rolling out across the globe, bringing speeds up to 20 times higher than those of today’s 4G networks, along with lower latency and the ability to connect to more devices.

Trials are currently underway in the US, EU, Japan, and Canada, with China, South Korea, and Australia set to launch services this year.

And while attention has been focused largely on the risks of allowing Huawei to dominate, some have other security concerns, too.

“Critical applications like remote healthcare, remote monitoring, and control over our power grids, and self-driving automobiles will all rely on 5G technologies,” a spokesman for security firm Palo Alto Networks tells The Daily Swig.

“The networks will become more distributed and many critical applications will be hosted at the edge of 5G networks and across edge clouds.”

“Opportunities for threat actors will emerge if they are allowed to go unchecked, as they will use automation to wage multi-stage attacks and find the least secure portions of the 5G networks to exploit.”

According to Cody Brocious, head of hacker education at bug bounty platform HackerOne, it’s the devices attached to the network that represent the biggest security risk. One of the biggest drivers for 5G is the Internet of Things (IoT) – and here, security is notoriously poor.

“In my opinion, the issue isn’t 5G security at all, but the security of the devices connected to the network. Data being transferred at a higher rate doesn’t mean more things will be hacked. 5G will also have more security functions and safety measures than previous iterations of cellular networks,” Brocious tells The Daily Swig.

“While it’s crucial to have security at the forefront when designing a new product or network, and the IoT world is full of serious security issues, the security concerns about 5G are largely overblown. Whether connected over 5G, 4G, or a phone line, the devices themselves are almost always the weakest link.”

Last week, mobile network operator trade body the GSMA called on European policymakers to establish a 5G assurance testing and certification regime.

“European mobile operators already have established working relationships with national security agencies across Europe,” the organization said in a statement.

“These operators stand ready to work with policymakers now to agree on further proportionate and risk-based methods, not least a common, consistent and agreed security assurance, testing and certification regime for Europe,”

“This will give confidence in network security while maintaining competition and innovation in the supply of network equipment and data affordability to end users.”